Hackers of GSAS Site Claim the Site is Unsecured

Hackers hacked into the Website of Graduate School of Arts and Sciences (GSAS) of Harvard University on February 18, 2008. The hack apparently occurred when someone made the site's database files accessible on a P2P (Peer-to-Peer) file-sharing network, claiming to demonstrate that the server of the university lacked security.

The hacker was identified as "kaboom73" and he uploaded a 125-megabyte file, containing the site server's backup, the username and password of the site administrator, the database of the site, and address list, to Pirate Bay, a torrent site.

The intruder posted four important files of the GSAS onto the BitTorrent file-sharing network or P2P network. Thereafter, he listed the files on Pirate Bay, a site for tracking torrents, which are information files that manage BitTorrent users' download contents.

The posting of the database file had an accompanying statement that was grammatically wrong. The statement announced that the purpose of the hack was to show how Harvard's server lacked security, and to question the skill of the system administrators at the University.

The message, in rather broken English, said that it is a backup file of gsas.harvard.edu. It was being released to demonstrate the absence of security on Harvard's server and to show how persons, like the server's administrators, don't know the way to protect a Website.

The message posting described the unlawfully accessed files, as backup for the server of GSAS site, a joomla.sql data file, also a backup for the Website, the contact list, and one file referred to as "other minor things".

There was another file along with the Website file release, named password.txt, displayed a message calling the site administrators stupid people who don't use a proper (secure) password.

On the day of the hack, the GSAS Website was taken offline and restored just the next day.

The attack was not the first time on the GASA Website. Server of the Faculty of Arts and Sciences of GSAS was invaded several times during 2003 summer when a Brazilian attacker hacked the Website. Again in 2005, the University Websites were breached when hackers distributed admission information from high-profile business institutions, including the Harvard Business School.